| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Jun 2023 22:32:40 -0400
From: Waiman Long <longman@...hat.com>
To: Tejun Heo <tj@...nel.org>, Zou Cao <zoucaox@...il.com>
Cc: linux-kernel@...r.kernel.org, cgroups@...r.kernel.org,
lizefan.x@...edance.com, hannes@...xchg.org, brauner@...nel.org,
Zou Cao <zoucao@...ishou.com>
Subject: Re: [PATCH] cgroup: fixed the cset refcnt leak when fork() failed
On 6/5/23 17:38, Tejun Heo wrote:
> On Mon, Jun 05, 2023 at 09:04:44PM +0800, Zou Cao wrote:
>> TeamID: B1486294
>>
>> when fork, cset will be increased by commit "ef2c41cf38a7", the refcnt will
>> be decrease by child exit, but when failed in fork(), this refcnt will
>> be lost decrease in cgroup_cancel_fork as follow:
>>
>> copy_process
>> |
>> cgroup_can_fork // increase the css refcount
>> ......
>> spin_lock_irq(&css_set_lock);
>> cset = task_css_setcurrent);
>> get_css_set(cset);
>> spin_unlock_irq&css_set_lock);
>> ......
>> |
>> goto cgroup_cancel_fork // if failed in copy_process
>> |
>> cgroup_cancel_fork // lost the decrease refcount if flag not CLONE_INTO_CGROUP
>>
>> Fixes: ef2c41cf38a7 ("clone3: allow spawning processes into cgroups")
>> Signed-off-by: Zou Cao <zoucao@...ishou.com>
> Is this the same bug fixed by the following commit?
>
> https://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git/commit/?h=for-6.4-fixes&id=2bd110339288c18823dcace602b63b0d8627e520
I believe it is the same bug that this patch is trying to fix. I missed
the part kargs->cset is cleared in cgroup_post_fork() so that the put
can be done solely in cgroup_css_set_put_fork(). That is definitely the
cleaner approach.
Cheers,
Longman
Powered by blists - more mailing lists